Rating:
Please, do not write just a link to original writeup here.
i have a Question regarding your stack printing in gdb/peda you posted that it looks like that in your terminal :
[------------------------------------stack-------------------------------------]
0000| 0xffffd370 ("flag{57201791ea24f3acd852cee3271333a8}\002\002")
0004| 0xffffd374 ("{57201791ea24f3acd852cee3271333a8}\002\002")
0008| 0xffffd378 ("01791ea24f3acd852cee3271333a8}\002\002")
0012| 0xffffd37c ("1ea24f3acd852cee3271333a8}\002\002")
0016| 0xffffd380 ("4f3acd852cee3271333a8}\002\002")
0020| 0xffffd384 ("cd852cee3271333a8}\002\002")
0024| 0xffffd388 ("2cee3271333a8}\002\002")
0028| 0xffffd38c ("3271333a8}\002\002")
[------------------------------------------------------------------------------]
but in my peda it looks like that :
[──────────────────────────────────────────────STACK───────────────────────────────────────────────────────────────]
00:0000│ esp 0xffffd0d0 ◂— 0x25 /* '%' */
01:0004│ 0xffffd0d4 —▸ 0x80ea09c (ncapstr) ◂— 0x4
02:0008│ 0xffffd0d8 —▸ 0xffffd188 —▸ 0x80ed028 —▸ 0x80ed040 ◂— ...
03:000c│ 0xffffd0dc —▸ 0x805a3c5 (malloc+181) ◂— test eax, eax
04:0010│ 0xffffd0e0 ◂— 0x0
05:0014│ 0xffffd0e4 ◂— 0x1
06:0018│ 0xffffd0e8 ◂— 0x8
07:001c│ 0xffffd0ec —▸ 0x8099ed7 (_dl_important_hwcaps+1751) ◂— add esp, 0x10
how did you changed it to print ascii in your case ?
@qth112
in peda,
breakpoint at 0x8048977 and execute 'finish' command again and again ~~
and you can find flag if you search the stack
oops! @qth112
in peda,
breakpoint at 0x8048977 and run argv = "aaaaaa" , execute 'finish' command again and again ~~
